hyperledger · johannww · Apr 20, 2022 · Jul 9, 2022 · Jul 15, 2022 · Jul 19, 2022
@@ -9,6 +9,7 @@ package signer
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rand"
 	"crypto/x509"
 	"encoding/asn1"
@@ -37,7 +38,7 @@ type Config struct {
 // initialize an MSP without a CA cert that signs the signing identity,
 // this will do for now.
 type Signer struct {
-	key     *ecdsa.PrivateKey
+	key     crypto.PrivateKey
 	Creator []byte
 }
 
@@ -93,11 +94,19 @@ func validateEnrollmentCertificate(b []byte) error {
 }
 
 func (si *Signer) Sign(msg []byte) ([]byte, error) {
-	digest := util.ComputeSHA256(msg)
-	return signECDSA(si.key, digest)
+	switch key := si.key.(type) {
+	// Fabric only supports ECDSA and ed25519 at the moment.
+	case *ecdsa.PrivateKey:
+		digest := util.ComputeSHA256(msg)
+		return signECDSA(si.key.(*ecdsa.PrivateKey), digest)
+	case ed25519.PrivateKey:
+		return ed25519.Sign(si.key.(ed25519.PrivateKey), msg), nil
+	default:
+		return nil, errors.Errorf("found unknown private key type (%T) in msg signing", key)
+	}
 }
 
-func loadPrivateKey(file string) (*ecdsa.PrivateKey, error) {
+func loadPrivateKey(file string) (crypto.PrivateKey, error) {
 	b, err := os.ReadFile(file)
 	if err != nil {
 		return nil, errors.WithStack(err)
@@ -110,7 +119,7 @@ func loadPrivateKey(file string) (*ecdsa.PrivateKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return key.(*ecdsa.PrivateKey), nil
+	return key, nil
 }
 
 // Based on crypto/tls/tls.go but modified for Fabric:
@@ -121,6 +130,8 @@ func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
 		// Fabric only supports ECDSA at the moment.
 		case *ecdsa.PrivateKey:
 			return key, nil
+		case ed25519.PrivateKey:
+			return key, nil
 		default:
 			return nil, errors.Errorf("found unknown private key type (%T) in PKCS#8 wrapping", key)
 		}

@@ -8,6 +8,7 @@ package signer
 
 import (
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/x509"
 	"encoding/pem"
 	"os"
@@ -19,7 +20,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestSigner(t *testing.T) {
+func TestEcdsaSigner(t *testing.T) {
 	conf := Config{
 		MSPID:        "SampleOrg",
 		IdentityPath: filepath.Join("testdata", "signer", "cert.pem"),
@@ -35,7 +36,27 @@ func TestSigner(t *testing.T) {
 
 	r, s, err := utils.UnmarshalECDSASignature(sig)
 	require.NoError(t, err)
-	ecdsa.Verify(&signer.key.PublicKey, util.ComputeSHA256(msg), r, s)
+	verify := ecdsa.Verify(&signer.key.(*ecdsa.PrivateKey).PublicKey, util.ComputeSHA256(msg), r, s)
+	require.True(t, verify)
+}
+
+func TestEd25519Signer(t *testing.T) {
+	conf := Config{
+		MSPID:        "SampleOrg",
+		IdentityPath: filepath.Join("testdata", "signer", "ed25519.pem"),
+		KeyPath:      filepath.Join("testdata", "signer", "ed25519_sk"),
+	}
+
+	signer, err := NewSigner(conf)
+	require.NoError(t, err)
+
+	msg := []byte("foo")
+	sig, err := signer.Sign(msg)
+	require.NoError(t, err)
+
+	require.NoError(t, err)
+	verify := ed25519.Verify(signer.key.(ed25519.PrivateKey).Public().(ed25519.PublicKey), msg, sig)
+	require.True(t, verify)
 }
 
 func TestSignerDifferentFormats(t *testing.T) {

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAZGgAwIBAgIUOl8Rs3mka5U/s4hFwkGHjK1dh8IwBQYDK2VwMFkxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwHUmFs
+ZWlnaDENMAsGA1UECgwEb3JnMTEQMA4GA1UEAwwHY2Eub3JnMTAeFw0yMjA0MTQy
+MjI1NDRaFw0zMjA0MTEyMjI1NDRaMFYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5O
+b3J0aCBDYXJvbGluYTEQMA4GA1UEBwwHUmFsZWlnaDENMAsGA1UECwwEb3JnMTEN
+MAsGA1UEAwwEcGVlcjAqMAUGAytlcAMhAOzQFNesvxCuSDr/vTLx38nryWT+xzHZ
+LO3ztNUH2BCUo24wbDAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV
+HREEJDAihwR/AAABgglwZWVyLm9yZzGCCWxvY2FsaG9zdIcEfwAAATAfBgNVHSME
+GDAWgBQ0P7GW2Hf1Hll6UiMtfeFsdUmF5jAFBgMrZXADQQAc4U4nbmXKZPuEFGzS
+s9y3urd9W2jguFyOx6ZdoL2Tn6dnrHNApCaJtOMwZAklaLQKvYsVF4DR/QRfdLA/
+Y4wK
+-----END CERTIFICATE-----
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIFRg7zy6CQrAGXOzvM6XVhpzYuYyxP36bmpjd8x+qE1H
+-----END PRIVATE KEY-----